PRELIMINARY AMENDMENT



Assistant Commissioner for Patents 
Washington, D.C. 20231 

Sir: 

The following amendments and remarks are submitted prior to 
examination of the above-identified application on the merits. 

IN THE SPECIFICATION: 

Before the paragraph numbered [0001], insert the following heading:

--BACKGROUND OF THE INVENTION
1. Field of the Invention.--;

Before the paragraph numbered [0006], insert the following heading:

--2. Description of the Related Art.--;

Before the paragraph numbered [0038], insert the following heading:

--SUMMARY OF THE INVENTION--;

Before the paragraph numbered [0047], insert the following heading:

--BRIEF DESCRIPTION OF THE DRAWINGS--;

Before the paragraph numbered [0048], insert the following heading:

--DESCRIPTION OF THE PREFERRED EMBODIMENTS--;

Page 17, after paragraph [0097], insert the following new paragraph: 

--[0098] While this invention has been described in conjunction with specific
embodiments thereof, it is evident that many alternatives, modifications and
variations will be apparent to those skilled in the art. Accordingly, the preferred
embodiments of the invention as set forth herein, are intended to be illustrative,
not limiting. Various changes may be made without departing from the true spirit
and full scope of the invention as set forth herein and defined in the claims.--

Page 18, after the heading "CLAIMS" and before the first claim, insert the 
following: 

--We claim:--

IN THE CLAIMS

Please substitute amended claims 1-18 as presented below for the same- 
numbered claims that were pending prior to the filing of this paper. A marked-up 
version of the amended claims is attached. 

1. (Amended) A method for secure communication between first and
second entities interconnected via an internet network, said entities being 
associated with respective first and second processing systems connected to 
said internet network, said first system operating in client mode and said second 
system operating in server mode, said method comprising: 

assigning respective permanent internet addresses to said first and 
second entities, 

making at least one application, located in a server of said second system, 
accessible to said first entity, and 

encrypting data exchanged between said first and second entities in 
conformity with a desired security protocol, wherein said first and second 
systems include a communication protocol stack having at least one layer which 
allows for said encrypting step to be performed. 

2. (Amended) A method according to claim 1, wherein said 
permanent IP addresses assigned to said first and second entities conform to an 
IPV6 Internet address protocol. 

3. (Amended) A method according to claim 2, wherein
communications through said internet network take place in conformity with an
IPV4 Internet address protocol, and wherein said method further comprises:

executing, in at least one of said first and second systems, an address
conversion step which includes converting said IPV4 internet address protocol to
said IPV6 internet address protocol.

4. (Amended) A method according to claim 1, wherein said encrypting
step is performed in conformity with an IPSec protocol in tunnel mode, in order to
obtain secure data exchanges between said first and second entities, and
wherein said IPSec protocol is used with an EPS mechanism for authenticating
information sources.

5. (Amended) A method according to claim 4, wherein said first entity
is a user of said first system, wherein said method further includes a step for
authenticating said user, and wherein said permanent IP address assigned to
said first entity is used to identify said user.

6. (Amended) A method according to claim 5, wherein
communications through said network take place in data packet mode, and
wherein said permanent IP address identifying said user is present in encrypted
form in conformity with said IPSec protocol, in each of said data packets.

7. (Amended) A method according to claim 1, wherein said first
system is connected to a wireless transmission segment,

wherein communications between said first system and said second
system take place in conformity with a WAP protocol, and

wherein said second system includes a WAP server and a unified
interface between said WAP server and at least one application, said at least one
application being located in said second system and being accessible by said
first entity, and

wherein said WAP server is integrated into said second system as a web
server.

8. (Amended) A method according to claim 7, wherein said second
system includes an additional module for performing two-way interface
adaptation of structures, which makes it possible to support application interfaces
used by web servers.

9. (Amended) A method according to claim 7, wherein said first
system includes a WAP browser.

10. (Amended) A method according to claim 1, wherein said first
system includes a mobile system,

wherein said method further includes assigning to said first system a
temporary address, and initiating a dialog between said first system and a home
agent connected to said internet network to correlate said permanent address
assigned to said first entity with said temporary address, in conformity with said
IPV6 protocol.



11. (Amended) A system architecture for secure communication
between first and second entities interconnected via an internet network, said
entities respectively being associated with first and second data processing
systems within a set of distributed systems connected to said internet network,
said first system operating in client mode and said second system operating in
server mode, said first and second entities being associated with permanent
internet addresses, comprising:

a server included in said second system, said server comprising at least
one application accessible to said first entity;

first and second communication protocol stacks respectively included in
said first and second systems, each of said first and second communication
protocol stacks comprising at least one address layer using a respective one of
said permanent IP addresses and a logical layer for encrypting, in end-to-end
mode in conformity with a given security protocol, data exchanged between said
first and second entities.



12. (Amended) An architecture according to claim 11, wherein said
address layer conforms to an IPV6 protocol.



13. (Amended) An architecture according to claim 12, wherein said
internet network conveys data packets in conformity with an IPV4 protocol,

wherein each of said first and second protocol stacks includes a first
address layer in the IPV6 protocol and a second address layer in the IPV4
protocol from which IPV6-compatible addresses are derived, in order to obtain
exchanges in tunnel mode, and

wherein said logical layer in each of said first and second protocol stacks
encrypts data packets exchanged between said first and second entities.

T2147-907642-US 3897/HD(PCT)
9160496V01 | T2147-907642 | 1/25/2002

14. (Amended) An architecture according to claim 11, wherein said
logical layer in each of said first and second protocol stacks conforms to an
IPSec protocol in tunnel mode, in order to obtain secure data exchanges
between said interconnected first and second entities, and wherein said IPSec
protocol is used with an EPS mechanism for identifying information sources.



15. (Amended) A method according to claim 11, wherein said first
system is connected to a wireless transmission segment wherein
communications between said first system and said second system take place in
conformity with a WAP protocol, wherein said second system includes at least a
first module constituting a WAP server and a second module forming a unified
interface between said WAP server and said at least one application, and
wherein said WAP server is integrated into said second system as a web server.



16. (Amended) An architecture according to claim 15, wherein said
second system includes at least one additional module for two-way conversion of
data packets of structures in conformity with web or WAP protocols.

17. (Amended) An architecture according to claim 15, wherein said first
system is a mobile telephone terminal operating in a GSM standard, said mobile
telephone terminal including a WAP type browser constituting a client and a
display screen for displaying pages in WML-type language.

18. (Amended) An architecture according to claim 15, wherein said
first system is a mobile telephone terminal operating in a GPRS standard, said
mobile telephone terminal including an Internet browser constituting a client and
a display screen for displaying pages in WML-type language.

IN THE ABSTRACT

Please replace the Abstract as originally filed with the following new 
abstract: 

--ABSTRACT

A method for providing secure communication between first and second 
systems connected to the internet includes assigning respective permanent 
internet addresses to first and second entities associated with the systems, 
making at least one application located in a server of said second system 
accessible to the first entity, and encrypting data exchanged between the first 
and second entities in conformity with a desired security protocol. The first and 
second systems each include a communication protocol stack having at least 
one layer which allows for the encrypting step to be performed. Through this 
method, a user in the first system can directly address an application hosted by 
the second system without using or even knowing the name of the host system. 
The entity in the first system may be a wireless unit operating, for example, in 
GSM and the entity in the second system may be a server in an intranet. To 
enable conversion to take place between the wireless application and internet 
standards, the server in the second system is preferably equipped with WAP and 
WEB servers and associated conversion units.--

REMARKS

Claims 1-18 are pending. These claims have been amended to place 
them in a form which comports with established U.S. claim practice. Also, the 
specification has been amended to include section headers, and a new abstract 
has been provided. 

It is respectfully submitted that the application is in condition for allowance. 
Favorable consideration and prompt allowance of the application is respectfully 
requested. 

Should the Examiner believe that further amendments are necessary to 
place the application in condition for allowance, or if the Examiner believes that a 
personal interview would be advantageous in order to more expeditiously resolve 
any remaining issues, the Examiner is invited to contact Applicants' undersigned 
attorney at the telephone number listed below. 

To the extent necessary, Applicants petition for an extension of time under
37 CFR § 1.136. Please charge any shortage in fees due in connection with this
application, including extension of time fees, to Deposit Account No. 50-1165
(Attorney Docket No. T2147-907642) and credit any excess fees to the same
Deposit Account.



Miles & Stockbridge P.C. 
1751 Pinnacle Drive, Suite 500 
McLean, Virginia 22102-3833 
Telephone No: (703) 610-8641
Facsimile No: (703) 610-8686

Respectfully submitted,




Samuel W. Ntiros 
Registration No. 39,318 

Marked-Up Version of the Amended Claims



1. (Amended) A method [Method] for secure communication between
first and second entities interconnected via an internet network, said entities
being associated with respective first and second [computer data] processing
systems [within a set of distributed systems] connected to said internet network,
[characterized in that said first and second entities are constituted by a piece of
software (36a-36b, 37a-37d) hosted in one of said systems (3, 3') connected to
said internet network (RI, R) and/or a user (U1) of said connected systems (4,
20), in that] said first system [(4, 20) operates in the so-called] operating in client
mode and said second system [(3, 3') operates in the so-called] operating in
server mode, [in that it includes a step for] said method comprising:

assigning[, in said set of systems, a] respective permanent [Internet]
internet addresses [address of the so-called IP type to each of] said
[interconnected] first and second entities [(U1, 36a-36b, 37a-37d), in that installed
in]

making at least one application, located in a server of said second system,
[forming the server (3, 3') is at least one piece of software forming a server (30,
31) and offering the services of at least one application (36a-36b, 37a-37d)]
accessible to said first entity [(U1)], and

encrypting data exchanged between said first and second entities in
conformity with a desired security protocol, wherein [in that installed in] said first
[(4, 20)] and second [(3, 3')] systems include [is] a communication protocol stack
[that includes] having at least one layer [(45, 391)] which allows for said
encrypting step to be performed [the execution of a step for encrypting, in
end-to-end mode in conformity with a given security protocol, data exchanged
between said interconnected entities (U1, 36a-36b, 37a-37d)].



2. (Amended) A method [Method] according to claim 1, [characterized
in that] wherein said permanent IP addresses assigned to said [interconnected]
first and second entities [(U1, 36a-36b, 37a-37d)] conform to [the] an IPV6
Internet address protocol.



3. (Amended) A method [Method] according to claim 2, [characterized
in that since said] wherein communications through said internet network [(RI, R)]
take place in conformity with [the] an IPV4 Internet address protocol, [it includes
the installation in said first (4, 20) and second (3, 3') systems of a protocol layer
(46, 392) that makes it possible to derive IPV4 addresses that are compatible
with said IPV6 protocol, by] and wherein said method further comprises:

executing, in at least one of said first and second systems, an address
conversion step which includes converting said IPV4 internet address protocol to
said IPV6 internet address protocol [that conforms to the so-called "6-to-4"
protocol].



4. (Amended) A method [Method] according to claim 1, [characterized
in that said encryption] wherein said encrypting step is performed in conformity
with [the so-called] an IPSec protocol[, used with the so-called EPS mechanism
for authenticating information sources,] in [the so-called] tunnel mode, in order to
obtain secure data exchanges between said [interconnected] first and second
entities [(U1, 36a-36b, 37a-37d)], and wherein said IPSec protocol is used with
an EPS mechanism for authenticating information sources.



5. (Amended) A method [Method] according to claim 4, [characterized
in that,] wherein said first entity [being] is a user [(U1)] of said first system [(4, 20),
it], wherein said method further includes a step for authenticating said user [(U1)],
and wherein [and in that] said permanent IP address assigned to said first entity
is used [as data for identifying this] to identify said user [(U1)].

6. (Amended) A method [Method] according to claim 5, [characterized
in that since said] wherein communications through said network take place in
data packet mode, and wherein said permanent IP address [data for] identifying
[a] said user [(U1)] is present in encrypted form in conformity with said IPSec
protocol, in each of said data packets.

7. (Amended) A method [Method] according to claim 1, [characterized
in that] wherein said first system [(4, 20)] is connected to a wireless transmission
segment [(RTT)], [in that the]

wherein communications between [this] said first system [constituting a
client system (4, 20)] and said second system [constituting a server system (3,
3')] take place in conformity with [the so-called] a WAP protocol, and [in that it
includes the installation in]

wherein said second system [(3, 3') of at least one piece of software
constituting] includes a WAP server [(30)] and a [second piece of software (32)
forming a] unified interface between said WAP server [(30)] and at least one
application [(36a-36b, 37a-37d)], said at least one application being located in
said second system and being accessible by [offering its services to] said first
entity [(U1), so that] and

wherein said WAP server [(30)] is integrated into said [server] second
system [(3, 3')] as a web server.



8. (Amended) A method [Method] according to claim 7, [characterized
in that it includes the installation in] wherein said second system [(3, 3') of]
includes an additional module [(35)] for performing two-way interface adaptation
of structures, which makes it possible to support application interfaces [(33)]
used by web servers.

9. (Amended) A method [Method] according to claim 7, [characterized
in that it includes the installation in] wherein said first system [(4, 20) of a piece of
software constituting a client and in that said piece of software is] includes a
WAP browser.



10. (Amended) A method [Method] according to claim 1, [characterized
in that,] wherein said first system [being] includes a mobile system [(25), it],

wherein said method further includes [the assignment] assigning to said
first system [(25) of] a temporary address, and [in that it includes a step for]
initiating a dialog between said first system [(25)] and [an element called] a
["]home agent[" (23)] connected to said internet network [(it), which makes it
possible] to correlate[, at all times,] said permanent address assigned to said first
entity [(I/3)] with said temporary address, in conformity with said [the so-called
"mobile] IPV6 protocol["].

11. (Amended) A system [System] architecture for secure
communication between first and second entities interconnected via an internet
network, said entities respectively being associated with first and second
[computer] data processing systems within a set of distributed systems
connected to said internet network, [characterized in that] said first system [(4,
20) is a system] operating in [the so-called] client mode and said second system
[(3, 3') is a system] operating in [the so-called] server mode, [in that said first and
second entities are pieces of software (36a-36b, 37a-37d) hosted in said first (4,
20) and second (3, 3') systems and/or a user (U1) of said connected systems, in

a server included in said second system, said server comprising

to said first entity [(U1), and in that said first (4, 20) and second (3, 3') systems
include a]

first and second communication protocol [stack] stacks respectively
included in said first and second systems, each of said first and second
communication protocol stacks comprising at least one address layer [(44, 390)]
using a respective one of said permanent IP [address] addresses and a logical
layer [(45, 391) for the execution of a step] for encrypting, in end-to-end mode in
conformity with a given security protocol, data exchanged between said first and
second [interconnected] entities [(U1, 36a-36b, 37a-37d)].

12. (Amended) An architecture [Architecture] according to claim 11,
[characterized in that] wherein said address layer [(44, 390)] conforms to [the] an
IPV6 protocol.



13. (Amended) An architecture [Architecture] according to claim 12,
[characterized in that since] wherein said internet network [(R)] conveys data
packets in conformity with an [the] IPV4 protocol,

wherein each of said first and second protocol stacks [of said first (4, 20)
and second (3, 3') systems each include] includes a first address layer [(44, 390)
using said IP address] in the IPV6 protocol[,] and a second address layer [(46,
392)] in the IPV4 protocol from which IPV6-compatible addresses are derived, in
order to obtain exchanges in [the so-called] tunnel mode[;], and

wherein said logical layer [layers (45, 391) executing an encryption step
(45,37) in favor of said] in each of said first and second protocol stacks encrypts
data packets exchanged between said [interconnected] first and second entities
[(U1, 36a-36b, 37a-37d)].



14. (Amended) An architecture [Architecture] according to claim 11,
[characterized in that] wherein said logical layer [layers (45, 391) for executing an
encryption step conforms] in each of said first and second protocol stacks
conforms to [the so-called] an IPSec protocol[, used with the so-called EPS
mechanism for identifying information sources,] in [the so-called] tunnel mode, in
order to obtain secure data exchanges between said interconnected first and
second entities [(U1, 36a-36b, 37a-37d)], and wherein said IPSec protocol is
used with an EPS mechanism for identifying information sources.

15. (Amended) A method [Method] according to claim 11,
[characterized in that] wherein said first system [(4, 20)] is connected to a
wireless transmission segment [(RTT), in that the] wherein communications
between [this] said first system [(4, 20) constituting a client system] and said
second system [(3, 3') constituting a server system] take place in conformity with
[the so-called] a WAP protocol, [and in that] wherein said second system [(3, 3')]
includes at least a first module constituting a WAP server [(30)] and a second
module [(32)] forming a unified interface between said WAP server [(30)] and
said at least one application [(36a-36b, 37a-37d) offering its services to said first
entity (U1), so that], and wherein said WAP server [(30)] is integrated into said
[server] second system [(3, 3')] as a web server.

16. (Amended) An architecture [Architecture] according to claim 15,
[characterized in that] wherein said second system [(3, 3')] includes at least one
additional module [(38a-38b)] for [the] two-way conversion of data packets of
structures in conformity with [said] web or WAP protocols.



17. (Amended) An architecture [Architecture] according to claim 15,
[characterized in that] wherein said first system is a mobile telephone terminal
[(20, 4)] operating in a [the so-called] GSM standard, [in that it includes] said
mobile telephone terminal including a WAP type browser constituting a client[,]
and [in that it includes] a display screen for displaying pages in [a] WML-type
language [of the so-called WML type].



18. (Amended) An architecture [Architecture] according to claim 15,
[characterized in that] wherein said first system is a mobile telephone terminal
operating in [the so-called] a GPRS standard, [in that it includes] said mobile
telephone terminal including an Internet browser constituting a client[,] and [in
that it includes] a display screen for displaying pages in [a] WML-type language
[of the so-called WML type].